net-ssh 0.5.0

data/lib/net/ssh/userauth/methods/hostbased.rb

@@ -0,0 +1,119 @@
+#--
+# =============================================================================
+# Copyright (c) 2004, Jamis Buck (jgb3@email.byu.edu)
+# All rights reserved.
+#
+# This source file is distributed as part of the Net::SSH Secure Shell Client
+# library for Ruby. This file (and the library as a whole) may be used only as
+# allowed by either the BSD license, or the Ruby license (or, by association
+# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
+# distribution for the texts of these licenses.
+# -----------------------------------------------------------------------------
+# net-ssh website : http://net-ssh.rubyforge.org
+# project website: http://rubyforge.org/projects/net-ssh
+# =============================================================================
+#++
+
+require 'net/ssh/errors'
+require 'net/ssh/userauth/constants'
+
+module Net
+  module SSH
+    module UserAuth
+      module Methods
+
+        # Implements the host-based SSH authentication method.
+        class HostBased
+          include Net::SSH::UserAuth::Constants
+
+          # The messenger to use to send and receive messages.
+          attr_writer :messenger
+
+          # The session-id of the current SSH session.
+          attr_writer :session_id
+
+          # The hostname to report to the server.
+          attr_writer :hostname
+
+          # Create a new 
+          def initialize( buffers )
+            @buffers = buffers
+          end
+
+          # Attempts to perform host-based authorization of the user. The data
+          # hash must contain a <tt>:key_manager</tt> key or the call will
+          # fail.
+          def authenticate( next_service, username, data={} )
+            key_manager = data[:key_manager] or return false
+
+            key_manager.host_identities.each do |identity|
+              return true if authenticate_with( identity, next_service,
+                username, key_manager )
+            end
+
+            return false
+
+          ensure
+            key_manager.finish if key_manager
+          end
+
+          # Attempts to perform host-based authentication of the user, using
+          # the given host identity (key).
+          def authenticate_with( identity, next_service, username, key_manager )
+            client_username = ENV['USER'] || username
+
+            req = build_request identity, next_service, username,
+              @hostname+".", client_username
+
+            sig_data = @buffers.writer
+            sig_data.write_string @session_id
+            sig_data.write req
+
+            sig = key_manager.sign( identity, sig_data.to_s )
+
+            message = @buffers.writer
+            message.write req
+            message.write_string sig
+
+            @messenger.send_message message
+            message = @messenger.wait_for_message
+
+            case message.message_type
+              when USERAUTH_SUCCESS
+                return true
+              when USERAUTH_FAILURE
+                return false
+              else
+                raise Net::SSH::Exception,
+                  "unexpected server response to USERAUTH_REQUEST: " +
+                  message.inspect
+            end
+          end
+          private :authenticate_with
+
+          # Build the "core" hostbased request string.
+          def build_request( identity, next_service, username, hostname,
+               client_username )
+          # begin
+            buf = @buffers.writer
+            buf.write_byte USERAUTH_REQUEST
+            buf.write_string username
+            buf.write_string next_service
+            buf.write_string "hostbased"
+
+            buf.write_string identity.ssh_type
+            blob = @buffers.writer
+            blob.write_key identity
+            buf.write_string blob.to_s
+
+            buf.write_string hostname
+            buf.write_string client_username
+            return buf.to_s
+          end
+
+        end
+
+      end
+    end
+  end
+end

data/lib/net/ssh/userauth/methods/password.rb

@@ -0,0 +1,70 @@
+#--
+# =============================================================================
+# Copyright (c) 2004, Jamis Buck (jgb3@email.byu.edu)
+# All rights reserved.
+#
+# This source file is distributed as part of the Net::SSH Secure Shell Client
+# library for Ruby. This file (and the library as a whole) may be used only as
+# allowed by either the BSD license, or the Ruby license (or, by association
+# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
+# distribution for the texts of these licenses.
+# -----------------------------------------------------------------------------
+# net-ssh website : http://net-ssh.rubyforge.org
+# project website: http://rubyforge.org/projects/net-ssh
+# =============================================================================
+#++
+
+require 'net/ssh/errors'
+require 'net/ssh/userauth/constants'
+
+module Net
+  module SSH
+    module UserAuth
+      module Methods
+
+        # Implements the "password" SSH authentication method.
+        class Password
+          include Net::SSH::UserAuth::Constants
+
+          # The messenger to use when communicating.
+          attr_writer :messenger
+
+          # Create a new Password authenticator. It will use the given buffers
+          # factory to create new buffer instances.
+          def initialize( buffers )
+            @buffers = buffers
+          end
+
+          # Attempt to authenticate the given user for the given service. The
+          # data hash must specify a <tt>:password</tt> value, otherwise this
+          # will always return false.
+          def authenticate( next_service, username, data={} )
+            return false unless data[:password]
+
+            msg = @buffers.writer
+            msg.write_byte USERAUTH_REQUEST
+            msg.write_string username
+            msg.write_string next_service
+            msg.write_string "password"
+            msg.write_bool false
+            msg.write_string data[:password]
+            @messenger.send_message msg
+
+            message = @messenger.wait_for_message
+
+            case message.message_type
+              when USERAUTH_SUCCESS
+                return true
+              when USERAUTH_FAILURE, USERAUTH_PASSWD_CHANGEREQ
+                return false
+              else
+                raise Net::SSH::Exception,
+                  "unexpected reply to USERAUTH_REQUEST: #{message.inspect}"
+            end
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/net/ssh/userauth/methods/publickey.rb

@@ -0,0 +1,137 @@
+#--
+# =============================================================================
+# Copyright (c) 2004, Jamis Buck (jgb3@email.byu.edu)
+# All rights reserved.
+#
+# This source file is distributed as part of the Net::SSH Secure Shell Client
+# library for Ruby. This file (and the library as a whole) may be used only as
+# allowed by either the BSD license, or the Ruby license (or, by association
+# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
+# distribution for the texts of these licenses.
+# -----------------------------------------------------------------------------
+# net-ssh website : http://net-ssh.rubyforge.org
+# project website: http://rubyforge.org/projects/net-ssh
+# =============================================================================
+#++
+
+require 'net/ssh/errors'
+require 'net/ssh/userauth/constants'
+
+module Net
+  module SSH
+    module UserAuth
+      module Methods
+
+        # Implements the "publickey" SSH authentication method.
+        class PublicKey
+          include Net::SSH::UserAuth::Constants
+
+          # The messenger instance to use to send and receive messages
+          attr_writer :messenger
+
+          # The session id of the current SSH session
+          attr_writer :session_id
+
+          # Create a new PublicKey instance that uses the given buffer
+          # factory to produce new buffer instances.
+          def initialize( buffers )
+            @buffers = buffers
+          end
+
+          # Attempts to perform public-key authentication for the given
+          # username, trying each identity known to the key manager. If any of
+          # them succeed, returns +true+, otherwise returns +false+. The data
+          # hash must contain a UserKeyManager instance under the
+          # <tt>:key_manager</tt> key.
+          def authenticate( next_service, username, data={} )
+            key_manager = data[:key_manager]
+            return false unless key_manager
+
+            key_manager.identities.each do |identity|
+              return true if authenticate_with( identity, next_service,
+                username, key_manager )
+            end
+
+            return false
+
+          ensure
+            key_manager.finish if key_manager
+          end
+
+          # Builds a Net::SSH::Util::WriterBuffer that contains the request
+          # formatted for sending a public-key request to the server.
+          def build_request( pub_key, username, next_service, has_sig,
+                buffer=nil )
+          # begin
+            buffer ||= @buffers.writer
+
+            buffer.write_byte USERAUTH_REQUEST
+            buffer.write_string username
+            buffer.write_string next_service
+            buffer.write_string "publickey"
+            buffer.write_bool has_sig
+            buffer.write_string pub_key.ssh_type
+
+            blob = @buffers.writer
+            blob.write_key pub_key
+            buffer.write_string blob.to_s
+
+            return buffer
+          end
+          private :build_request
+
+          # Builds and sends a request formatted for a public-key
+          # authentication request.
+          def send_request( pub_key, username, next_service, signature=nil )
+            msg = build_request( pub_key, username, next_service, signature )
+            msg.write_string signature if signature
+            @messenger.send_message msg
+          end
+          private :send_request
+
+          # Attempts to perform public-key authentication for the given
+          # username, with the given identity (public key). Returns +true+ if
+          # successful, or +false+ otherwise.
+          def authenticate_with( identity, next_service, username, key_manager )
+            send_request identity, username, next_service
+
+            message = @messenger.wait_for_message
+
+            case message.message_type
+              when USERAUTH_PK_OK
+                sig_data = @buffers.writer
+                sig_data.write_string @session_id
+                build_request identity, username, next_service, true, sig_data
+
+                sig_blob = key_manager.sign( identity, sig_data )
+
+                send_request identity, username, next_service, sig_blob.to_s
+                message = @messenger.wait_for_message
+
+                case message.message_type
+                  when USERAUTH_SUCCESS
+                    return true
+                  when USERAUTH_FAILURE
+                    return false
+                  else
+                    raise Net::SSH::Exception,
+                      "unexpected server response to USERAUTH_REQUEST: " +
+                      message.inspect
+                end
+
+              when USERAUTH_FAILURE
+                return false
+
+              else
+                raise Net::SSH::Exception,
+                  "unexpected reply to USERAUTH_REQUEST: #{message.inspect}"
+            end
+          end
+          private :authenticate_with
+
+        end
+
+      end
+    end
+  end
+end

data/lib/net/ssh/userauth/methods/services.rb

@@ -0,0 +1,63 @@
+#--
+# =============================================================================
+# Copyright (c) 2004, Jamis Buck (jgb3@email.byu.edu)
+# All rights reserved.
+#
+# This source file is distributed as part of the Net::SSH Secure Shell Client
+# library for Ruby. This file (and the library as a whole) may be used only as
+# allowed by either the BSD license, or the Ruby license (or, by association
+# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
+# distribution for the texts of these licenses.
+# -----------------------------------------------------------------------------
+# net-ssh website : http://net-ssh.rubyforge.org
+# project website: http://rubyforge.org/projects/net-ssh
+# =============================================================================
+#++
+
+module Net
+  module SSH
+    module UserAuth
+      module Methods
+
+        def register_services( container )
+          container.namespace_define :methods do |b|
+
+            b.password do |c,p|
+              require 'net/ssh/userauth/methods/password'
+              method = Password.new( c[:transport][:buffers] )
+              method.messenger = c[:userauth][:driver]
+              method
+            end
+
+            # Just alias keyboard_interactive to password, for now
+            # TODO: keyboard_interactive should probably actually prompt
+            # for a password if one wasn't given...need to read up on this
+            # more.
+            b.keyboard_interactive { b.password }
+
+            b.publickey do |c,p|
+              require 'net/ssh/userauth/methods/publickey'
+              method = PublicKey.new( c[:transport][:buffers] )
+              method.messenger = c[:userauth][:driver]
+              method.session_id = c[:transport][:session].session_id
+              method
+            end
+
+            b.hostbased do |c,p|
+              require 'net/ssh/userauth/methods/hostbased'
+              method = HostBased.new( c[:transport][:buffers] )
+              session = c[:transport][:session]
+              method.messenger = c[:userauth][:driver]
+              method.hostname = session.client_name
+              method.session_id = session.session_id
+              method
+            end
+            
+          end
+        end
+        module_function :register_services
+
+      end
+    end
+  end
+end

data/lib/net/ssh/userauth/services.rb

@@ -0,0 +1,126 @@
+#--
+# =============================================================================
+# Copyright (c) 2004, Jamis Buck (jgb3@email.byu.edu)
+# All rights reserved.
+#
+# This source file is distributed as part of the Net::SSH Secure Shell Client
+# library for Ruby. This file (and the library as a whole) may be used only as
+# allowed by either the BSD license, or the Ruby license (or, by association
+# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
+# distribution for the texts of these licenses.
+# -----------------------------------------------------------------------------
+# net-ssh website : http://net-ssh.rubyforge.org
+# project website: http://rubyforge.org/projects/net-ssh
+# =============================================================================
+#++
+
+module Net
+  module SSH
+    module UserAuth
+
+      def register_services( container )
+        container.namespace_define :userauth do |b|
+
+          b.require 'net/ssh/userauth/methods/services', "#{self}::Methods"
+
+          b.agent_socket_factory do
+            require 'socket'
+            defined?( UNIXSocket ) ? UNIXSocket : nil
+          end
+
+          b.default_agent_socket_name { ENV['SSH_AUTH_SOCK'] }
+
+          b.default_agent_version { 2 }
+          
+          b.agent( :model => :prototype ) do |c,p|
+            if ( socket_factory = c[:agent_socket_factory] )
+              require 'net/ssh/userauth/agent'
+              require 'net/ssh/transport/services'
+
+              agent = Agent.new
+              agent.socket_factory = socket_factory
+              agent.socket_name = c[:default_agent_socket_name]
+              agent.version = c[:default_agent_version]
+              agent.buffers = c[:transport][:buffers]
+              agent.keys = c[:transport][:keys]
+              agent.connect!
+            end
+
+            agent
+          end
+
+          b.agent_factory do |c,p|
+            factory = Object.new
+            klass = class << factory; self; end
+            klass.send( :define_method, :open ) { c[:agent] }
+            factory
+          end
+
+          b.default_user_key_locations do
+            [ "#{ENV['HOME']}/.ssh/id_dsa",
+              "#{ENV['HOME']}/.ssh2/id_dsa",
+              "#{ENV['HOME']}/.ssh/id_rsa",
+              "#{ENV['HOME']}/.ssh2/id_rsa" ]
+          end
+
+          b.default_host_key_locations do
+            [ "/etc/ssh/ssh_host_dsa_key",
+              "/etc/ssh/ssh_host_rsa_key" ]
+          end
+
+          b.key_existence_tester { File }
+
+          b.user_keys do |c,p|
+            require 'net/ssh/userauth/userkeys'
+
+            userkeys = UserKeyManager.new
+            userkeys.agent_factory = c[:agent_factory]
+            userkeys.keys = c[:transport][:keys]
+            userkeys.buffers = c[:transport][:buffers]
+            userkeys.log = c[:log_for, p]
+            userkeys.key_existence_tester = b.key_existence_tester
+
+            b.default_user_key_locations.each { |f| userkeys.add f }
+            b.default_host_key_locations.each { |f| userkeys.add_host_key f }
+
+            userkeys
+          end
+
+          b.authentication_method_order do
+            [ "publickey",
+              "keyboard-interactive",
+              "password",
+              "hostbased" ]
+          end
+
+          b.driver do |c,p|
+            require 'net/ssh/userauth/driver'
+
+            driver = Driver.new( c[:log_for, p],
+                                 c[:transport][:buffers],
+                                 c[:methods],
+                                 c[:authentication_method_order] )
+
+            driver.key_manager = c[:user_keys]
+            driver.session = c[:transport][:session]
+
+            if c.knows_key?(:userauth_keys) && c[:userauth_keys]
+              driver.set_key_files c[:userauth_keys]
+            end
+            if c.knows_key?(:userauth_host_keys) && c[:userauth_host_keys]
+              driver.set_host_key_files c[:userauth_host_keys]
+            end
+            if c.knows_key?(:userauth_method_order) && c[:userauth_method_order]
+              driver.set_auth_method_order *c[:userauth_method_order]
+            end
+
+            driver
+          end
+
+        end
+      end
+      module_function :register_services
+
+    end
+  end
+end